Cross-site Scripting Vulnerability in WP Codeus Advanced Sermons Plugin
CVE-2024-29928
7.1HIGH
What is CVE-2024-29928?
The WP Codeus Advanced Sermons plugin is vulnerable to a reflected cross-site scripting (XSS) issue. This vulnerability arises from improper input neutralization during web page generation. Attackers can exploit this flaw to inject malicious scripts into web pages that are viewed by users, potentially leading to unauthorized access or manipulation of user data. Versions of the Advanced Sermons plugin from its initial release up to version 3.1 are affected, making it crucial for administrators to apply security updates.
Affected Version(s)
Advanced Sermons <= 3.1